mirror of
https://github.com/pgpainless/pgpainless.git
synced 2025-09-09 10:19:39 +02:00
Compare commits
5 commits
42e6bb483f
...
8f41fb0f27
| Author | SHA1 | Date | |
|---|---|---|---|
8f41fb0f27
|
|||
|
5939b747b0
|
|||
|
adf9fc4639
|
|||
|
9df5060bab
|
|||
|
fef620d18b
|
10 changed files with 22 additions and 42 deletions
2
.gitignore
vendored
2
.gitignore
vendored
|
|
@ -34,4 +34,4 @@ push_html.sh
|
|||
|
||||
node_modules
|
||||
|
||||
pgpainless-sop/.cifuzz-corpus/*
|
||||
*/.cifuzz-corpus/*
|
||||
|
|
|
|||
|
|
@ -347,12 +347,7 @@ class OpenPgpMessageInputStream(
|
|||
"Symmetrically Encrypted Data Packet at depth ${layerMetadata.depth} encountered.")
|
||||
syntaxVerifier.next(InputSymbol.ENCRYPTED_DATA)
|
||||
val encDataList = packetInputStream!!.readEncryptedDataList()
|
||||
if (encDataList.isEmpty) {
|
||||
LOGGER.debug(
|
||||
"Missing encrypted session key packet.")
|
||||
return false
|
||||
}
|
||||
if (!encDataList.isIntegrityProtected && !encDataList.get(0).isAEAD) {
|
||||
if (!encDataList.isIntegrityProtected && !encDataList.isEmpty && !encDataList.get(0).isAEAD) {
|
||||
LOGGER.warn("Symmetrically Encrypted Data Packet is not integrity-protected.")
|
||||
if (!options.isIgnoreMDCErrors()) {
|
||||
throw MessageNotIntegrityProtectedException()
|
||||
|
|
|
|||
|
|
@ -19,7 +19,7 @@ dependencies {
|
|||
testRuntimeOnly "org.junit.jupiter:junit-jupiter-engine:$junitVersion"
|
||||
|
||||
// Jazzer for Fuzzing
|
||||
testImplementation "com.code-intelligence:jazzer-junit:0.24.0"
|
||||
testImplementation "com.code-intelligence:jazzer-junit:$jazzerVersion"
|
||||
|
||||
// Logging
|
||||
testImplementation "ch.qos.logback:logback-classic:$logbackVersion"
|
||||
|
|
|
|||
|
|
@ -22,7 +22,7 @@ public class AsciiArmorFuzzTest {
|
|||
maxDuration = "60s"
|
||||
)
|
||||
public void armorAndDearmorData(FuzzedDataProvider data) throws IOException {
|
||||
byte[] bytes = data.consumeBytes(1024);
|
||||
byte[] bytes = data.consumeRemainingAsBytes();
|
||||
|
||||
byte[] armored = sop.armor().data(bytes).getBytes();
|
||||
if (Arrays.areEqual(bytes, armored)) {
|
||||
|
|
|
|||
|
|
@ -10,6 +10,7 @@ import org.bouncycastle.util.encoders.Hex;
|
|||
import org.bouncycastle.util.io.Streams;
|
||||
import org.junit.jupiter.api.BeforeAll;
|
||||
import org.junit.jupiter.api.Test;
|
||||
import org.pgpainless.exception.MissingDecryptionMethodException;
|
||||
import org.pgpainless.exception.ModificationDetectionException;
|
||||
import org.pgpainless.sop.SOPImpl;
|
||||
import sop.SOP;
|
||||
|
|
@ -75,7 +76,7 @@ public class EncryptedMessageFuzzingTest {
|
|||
maxDuration = "60s"
|
||||
)
|
||||
public void decryptFuzzedMessage(FuzzedDataProvider provider) {
|
||||
byte[] ciphertext = provider.consumeBytes(8192);
|
||||
byte[] ciphertext = provider.consumeRemainingAsBytes();
|
||||
if (ciphertext.length == 0) {
|
||||
return;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -22,7 +22,7 @@ public class ParseCertFuzzTest {
|
|||
|
||||
@FuzzTest(maxDuration = "30s")
|
||||
public void parseOpenPGPCert(FuzzedDataProvider data) throws IOException {
|
||||
byte[] certEncoding = data.consumeBytes(8192);
|
||||
byte[] certEncoding = data.consumeRemainingAsBytes();
|
||||
if (certEncoding.length == 0) {
|
||||
return;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -6,33 +6,24 @@ package org.pgpainless.sop.fuzzing;
|
|||
|
||||
import com.code_intelligence.jazzer.api.FuzzedDataProvider;
|
||||
import com.code_intelligence.jazzer.junit.FuzzTest;
|
||||
import org.bouncycastle.bcpg.BCPGInputStream;
|
||||
import org.bouncycastle.bcpg.UnsupportedPacketVersionException;
|
||||
import org.bouncycastle.openpgp.PGPObjectFactory;
|
||||
import org.bouncycastle.openpgp.PGPPublicKeyRing;
|
||||
import org.bouncycastle.openpgp.bc.BcPGPObjectFactory;
|
||||
import org.bouncycastle.openpgp.api.OpenPGPKeyReader;
|
||||
|
||||
import java.io.ByteArrayInputStream;
|
||||
import java.io.IOException;
|
||||
|
||||
public class PublicKeyPacketFuzzTest {
|
||||
|
||||
@FuzzTest(maxDuration = "30m")
|
||||
public void parsePublicKeyPacket(FuzzedDataProvider provider)
|
||||
{
|
||||
byte[] encoding = provider.consumeBytes(8192);
|
||||
private final OpenPGPKeyReader reader = new OpenPGPKeyReader();
|
||||
|
||||
@FuzzTest(maxDuration = "60s")
|
||||
public void parsePublicKeyPacket(FuzzedDataProvider provider) {
|
||||
byte[] encoding = provider.consumeRemainingAsBytes();
|
||||
if (encoding.length == 0) {
|
||||
return;
|
||||
}
|
||||
|
||||
ByteArrayInputStream bIn = new ByteArrayInputStream(encoding);
|
||||
BCPGInputStream pIn = new BCPGInputStream(bIn);
|
||||
PGPObjectFactory objFac = new BcPGPObjectFactory(pIn);
|
||||
try {
|
||||
Object next = objFac.nextObject();
|
||||
if (next == null) return;
|
||||
|
||||
PGPPublicKeyRing pubKey = (PGPPublicKeyRing) next;
|
||||
reader.parseCertificate(encoding);
|
||||
} catch (IOException e) {
|
||||
// ignore
|
||||
} catch (UnsupportedPacketVersionException e) {
|
||||
|
|
|
|||
|
|
@ -6,33 +6,25 @@ package org.pgpainless.sop.fuzzing;
|
|||
|
||||
import com.code_intelligence.jazzer.api.FuzzedDataProvider;
|
||||
import com.code_intelligence.jazzer.junit.FuzzTest;
|
||||
import org.bouncycastle.bcpg.BCPGInputStream;
|
||||
import org.bouncycastle.bcpg.UnsupportedPacketVersionException;
|
||||
import org.bouncycastle.openpgp.PGPObjectFactory;
|
||||
import org.bouncycastle.openpgp.PGPSecretKeyRing;
|
||||
import org.bouncycastle.openpgp.bc.BcPGPObjectFactory;
|
||||
import org.bouncycastle.openpgp.api.OpenPGPKeyReader;
|
||||
|
||||
import java.io.ByteArrayInputStream;
|
||||
import java.io.IOException;
|
||||
|
||||
public class SecretKeyPacketFuzzTest {
|
||||
|
||||
@FuzzTest(maxDuration = "30m")
|
||||
private final OpenPGPKeyReader reader = new OpenPGPKeyReader();
|
||||
|
||||
@FuzzTest(maxDuration = "6ßs")
|
||||
public void parseSecretKeyPacket(FuzzedDataProvider provider)
|
||||
{
|
||||
byte[] encoding = provider.consumeBytes(8192);
|
||||
byte[] encoding = provider.consumeRemainingAsBytes();
|
||||
if (encoding.length == 0) {
|
||||
return;
|
||||
}
|
||||
|
||||
ByteArrayInputStream bIn = new ByteArrayInputStream(encoding);
|
||||
BCPGInputStream pIn = new BCPGInputStream(bIn);
|
||||
PGPObjectFactory objFac = new BcPGPObjectFactory(pIn);
|
||||
try {
|
||||
Object next = objFac.nextObject();
|
||||
if (next == null) return;
|
||||
|
||||
PGPSecretKeyRing secKey = (PGPSecretKeyRing) next;
|
||||
reader.parseKey(encoding);
|
||||
} catch (IOException e) {
|
||||
// ignore
|
||||
} catch (UnsupportedPacketVersionException e) {
|
||||
|
|
|
|||
|
|
@ -273,7 +273,7 @@ public class SignatureFuzzTest {
|
|||
maxDuration = "60s"
|
||||
)
|
||||
public void verifyFuzzedSig(FuzzedDataProvider provider) throws IOException {
|
||||
byte[] sig = provider.consumeBytes(1024);
|
||||
byte[] sig = provider.consumeRemainingAsBytes();
|
||||
if (sig.length == 0) {
|
||||
return;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -10,6 +10,7 @@ allprojects {
|
|||
bouncyCastleVersion = '1.82-SNAPSHOT'
|
||||
bouncyPgVersion = bouncyCastleVersion
|
||||
junitVersion = '5.8.2'
|
||||
jazzerVersion = '0.24.0'
|
||||
logbackVersion = '1.5.13'
|
||||
mockitoVersion = '4.5.1'
|
||||
slf4jVersion = '1.7.36'
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue